In NSX-T, traffic is not redirected to Service Insertion partner VM

search cancel

In NSX-T, traffic is not redirected to Service Insertion partner VM

book

Article ID: 324219

calendar_today

Updated On:

Products

VMware vDefend Firewall

Issue/Introduction

Host based deployment is used for Service Insertion.
Partner SVM has its management interface connected to an NSX-T segment/logical switch, either VLAN or overlay.
The deployment is successful however no traffic is seen on the partner VM.
On the ESXi host the SI table is not fully populated

>vsipioctl getsisvctable
Service table has 1 entries
service table count 1

----------------------------------------------------------------------------------------------------------------------------------

 PATH INDEX| UUID               | FWD SPI,SI,SCID   | FWD SERVICE MAC   | REV SPI,SI,SCID   | REV SERVICE MAC   | FAILURE POLICY|

----------------------------------------------------------------------------------------------------------------------------------

1d53c900-####-####-####-f0f9ef685630                                                                            |  ALLOW         |

----------------------------------------------------------------------------------------------------------------------------------

Environment

VMware NSX-T Data Center 3.x

Cause

This issue occurs due to the incorrect processing of the logical switch port. The issue is present only when a logical switch is used for the management interface of the SVM.

Resolution

This issue is resolved in NSX-T Data Center 3.1.3

To workaround the issue, redeploy the SVMs using a VLAN portgroup for the management interface.

Feedback

thumb_up Yes

thumb_down No